321 matches found
CVE-2021-37777
Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure...
Information disclosure
Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure...
CVE-2021-38339
The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.01...
CVE-2021-38339 Simple Matted Thumbnails <= 1.01 Reflected Cross-Site Scripting
The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.01...
CVE-2021-38339
The CVE-2021-38339 entry affects the WordPress plugin Simple Matted Thumbnails, version ≤ 1.01. The vulnerability is a Reflected Cross-Site Scripting flaw caused by a reflected value in $_SERVER["PHP_SELF"] within the simple-matted-thumbnail.php file, enabling an attacker to inject arbitrary web ...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. WordPress Simple Matted Thumbnails suffers fr...
WordPress Simple Matted Thumbnails plugin <= 1.01 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Simple Matted Thumbnails plugin versions <= 1.01. Solution: This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...
Microsoft Raw Image Extension Code Injection Vulnerability
Microsoft Raw Image Extension is a software application from Microsoft. It enables the viewing of thumbnails and metadata for supported raw file formats directly in Windows File Explorer or the viewing of images in the Photos application. A code injection vulnerability exists in Microsoft Raw Ima...
YouTube Has a Disturbingly Creepy Minecraft Problem
A WIRED investigation has found dozens of kid-focused videos with disturbing thumbnails that the platform serves up on the Topic pages of popular games...
Unspecified Vulnerability in Samsung Mobile Devices (CNVD-2020-30402)
Android is a free and open source operating system from Google based on the Linux kernel without GNU components. An unspecified vulnerability exists in Samsung mobile devices, which can be exploited by an attacker to obtain thumbnails of content in private mode...
CVE-2019-20593
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks Private Mode thumbnails. The Samsung ID is SVE-2019-14208 (July 2019)...
CVE-2019-20593
CVE-2019-20593 concerns Samsung mobile devices running N(7.x) or O(8.x) software where the Gallery app leaks Private Mode thumbnails. Public descriptions across multiple sources (NVD entry, Red Hat advisory, CNVD, CVE pages) consistently state the vulnerability involves information disclosure via...
[SECURITY] Fedora 31 Update: ImageMagick-6.9.10.86-1.fc31
ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed wor...
Design/Logic Flaw
Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved...
CVE-2019-5452
Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved...
[SECURITY] [DLA 1593-1] phpbb3 security update
Package: phpbb3. Version: 3.0.12-5+deb8u2. CVE ID: CVE-2018-19274. Simon Scannell and Robin Peraglie of RIPS Technologies discovered that passing an absolute path to a file_exists check in phpBB, a full featured web forum, allows remote code execution through Object Injection by employing Phar...
Design/Logic Flaw
Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...
CVE-2018-14059
Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...
CVE-2018-14059
CVE-2018-14059 corresponds to a Pimcore XSS vulnerability exposed in Pimcore 5.2.3 and earlier and affects multiple entry points: Users, Assets, Data Objects, Video/Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Meta...
Apple macOS Bug Reveals Cache of Sensitive Data from Encrypted Drives
Security researchers are warning of an almost decade-old issue with one of Apple's macOS features, which was designed for users' convenience but is potentially exposing the contents of files stored on password-protected encrypted drives. Earlier this month, security researcher Wojciech Regula fr...